tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Howard W. Smith, Jr." <smithh032...@gmail.com>
Subject Re: JAVA_OPTS catalina.bat vs tomcat7w.exe
Date Mon, 25 Feb 2013 20:15:59 GMT
On Mon, Feb 25, 2013 at 3:08 PM, Howard W. Smith, Jr. <
smithh032772@gmail.com> wrote:

>
> can you please clarify 'the server is open to abuse from pretty much
> anyone who can reach it'? can you refer to me a blog or an article that
> discusses app abuse via jmx? i have hardware firewall in place and the jmx
> port is not open/available at the hardware firewall level. I usually login
> remotely to production server, and open Java visual VM to check status of
> the app (via JMX).
>
>
>
I just searched google for:

tomcat jmx abuse attack

and I see a lot of search results mentioning 'jboss', but found a document
(that mentions tomcat, too) [1] that I could skim/read for now. Thanks.

[1] [PDF] *Abusing*
Jboss<https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=7&cad=rja&ved=0CGwQFjAG&url=https%3A%2F%2Fwww.trustwave.com%2Fdownloads%2Fspiderlabs%2FTrustwave-SpiderLabs-Abusing-Jboss-Papathanasiou.pdf&ei=7sQrUafYJsHvqAHwrYHQBQ&usg=AFQjCNFMm__avVjkVr5Rl6NQrfCbXOQmMg&sig2=aJBWyp4u7G8Rfq4eIgaRZA&bvm=bv.42768644,d.b2I>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message